[unisog] DShield and Symantec report MSBlast in wild

Gary Flynn flynngn at jmu.edu
Tue Aug 12 04:43:23 GMT 2003


Edward W. Ray wrote:
 > While this is illegal, and no site should be DDoSed off the web, I find the
 > fact that the worm slams the M$ site rather amusing :)
 >
 > So much for Windows 2003 being "Secure by Default."

One hopes that all vendors will learn that shipping a system
with listening ports these days is foolhardy. You can't get
the patches before you get infected/hacked anymore.

And I don't just mean Microsoft. Unix's portmapper and related
RPC services, NTP, plug-n-play, nothing should be turned on by
default that opens a door on the network.

BTW, I wonder what lawyers will make of the fact that Microsoft's
security bulletin says:

"RPC over UDP or TCP is not intended to be used in hostile environments
  such as the Internet"

And it was shipped that way why?

Is it time for a product recall of all defective CDs from registered
owners and the supply chain? Otherwise, consumers go out and buy a new
PC or OS CD, take it home, and promptly get infected.

-- 
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe



More information about the unisog mailing list